nuclear-news

A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information.

The company, Westech International, has a range of contracts with the military for everything from ongoing evaluation for the ballistic missile defense system in Colorado, to a role as a sub-contractor for Northrup Grumman. In the latter capacity it provides engineering support, repair and maintenance for ground subsystems components involved in the Minuteman III intercontinental ballistic missile (ICBM) program.

The U.S. has about 440 of the ICBMs, which have been around since the 1970s and which are stored in U.S. Air Force facilities in Montana, North Dakota and Wyoming. They make up the country’s long-range land-to-air nuclear stockpile, and each can travel up to 6,000 miles with a payload of several thermonuclear warheads on board, according to the Center for Strategic and International Studies.

The cyberattackers first compromised the contractor’s internal network, the company confirmed to Sky News, before encrypting files and exfiltrating data. Maze has a quirk not found in most ransomwares: In addition to encrypting files and offering the decryption key in exchange for a ransom payment, it also automatically copies all affected files to the malicious operators’ servers.

The Maze operators thus often carry out  “double extortion” attacks, in which they leak information on an underground forum unless victims pay up. In fact, researchers said in April that the Maze gang has created a dedicated web page, which lists the identities of their non-cooperative victims and regularly publishes samples of the stolen data. This so far includes details of dozens of companies, including law firms, medical service providers and insurance companies, that have not given in to their demands……..  https://threatpost.com/nuclear-contractor-maze-ransomware-data-leaked/156289/